Cannot import keys into dnssec-policy
Matthijs Mekking
matthijs at isc.org
Wed Apr 9 14:12:31 UTC 2025
On 4/9/25 02:29, Bagas Sanjaya wrote:
> On Tue, Apr 08, 2025 at 07:38:44AM -0500, Matthijs Mekking wrote:
>> This time I was able to reproduce, thanks.
>>
>> The reason why the key created by dnssec-keygen is retired is because named
>> thinks it was in use already. When there is key timing metadata, the key is
>> considered to be in use (now or in the past).
>>
>> Only not previously used keys are considered as a successor in key
>> rollovers.
>>
>> Try generating the key with dnssec-keygen -G. This will create a key without
>> setting timing metadata.
>
> Indeed it solves the problem. Thanks!
>
>>
>> I will update the documentation accordingly.
>
> Both in KB and dnssec guide in BIND ARM?
Yes
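
Added example, not part of the original message and not ISC or BIND code: a Python check that lists the timing metadata in K*.key files, so keys generated without -G can be spotted before they are handed to a dnssec-policy zone. The comment-line format and the treatment of Created as harmless are assumptions about BIND key files; the sample keys are constructed.

```python
import re
import sys

# Assumption: timing metadata appears in K*.key files as comment lines such as
# "; Activate: 20250408123844 (Tue Apr  8 12:38:44 2025)".
META_RE = re.compile(r"^;\s*([A-Za-z]+):\s*(\d{14})\b")

# Assumption: the creation timestamp alone does not mark a key as used.
IGNORED = {"Created"}


def timing_metadata(key_text):
    """Return {label: timestamp} for every timing comment in a .key file."""
    found = {}
    for line in key_text.splitlines():
        m = META_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found


def looks_unused(key_text):
    """True when no timing metadata besides Created is present."""
    return not (set(timing_metadata(key_text)) - IGNORED)


# Constructed sample: key file as written by plain dnssec-keygen.
SAMPLE_DEFAULT = """\
; This is a key-signing key, keyid 11111, for example.com.
; Created: 20250408123844 (Tue Apr  8 12:38:44 2025)
; Publish: 20250408123844 (Tue Apr  8 12:38:44 2025)
; Activate: 20250408123844 (Tue Apr  8 12:38:44 2025)
example.com. IN DNSKEY 257 3 13 PLACEHOLDERBASE64==
"""

# Constructed sample: key file as written by dnssec-keygen -G.
SAMPLE_G = """\
; This is a key-signing key, keyid 22222, for example.com.
; Created: 20250408123844 (Tue Apr  8 12:38:44 2025)
example.com. IN DNSKEY 257 3 13 PLACEHOLDERBASE64==
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path) as fh:
            extra = sorted(set(timing_metadata(fh.read())) - IGNORED)
        print(path, "unused" if not extra else "timing metadata: " + ", ".join(extra))
```

Run it with the .key files from the key directory as arguments; any file reported with timing metadata would be treated as already in use.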